Here is my write up on Day 3; the meeting kicked off in working groups and then returned to plenary; the plenary video is indexed on their web page. This article is made from mainly contemporaneous notes, but I had to revisit the video for the final two speakers. The plenary had guest speakers and allowed some of the working groups to present their ideas. My article here does my best to tell the story of what happened. Most groups seem to have some difficulty in imagining what will change, and there is much inertia and fear on what we’ll lose and whether it’ll get worse and crime will grow. I am disappointed at the failure to emphasis privacy except for Renate Nikolay, from the Commission and there were some belated calls for free speech, universal access and a need to regulate and suppress fake news. There is an interesting but inconclusive discussion on how to catch up with the USA and China, and a need for education and information. Possibly the most important contribution came from Rehana Schwinninger-Ladak, one of the knowledge committee, again from the Commission who classified the problems and solutions as about people, industry and infrastructure.
On Day 3, a further two hours was spent in the working groups and further issues were identified:
These included a right to anonymity and multiple persona’s while recognising a need to verify for administrative and commercial activities.There was some creeping toward a right to privacy but the moderators steered them away from it, we’ll see when it’s written up.
I lost the plot here, a couple of older people just can’t get beyond whinging. Is this me, and a lack of patience, the stories involve a fear that banks will lose one’s money, and a fear of phishing attacks from people impersonating dead relatives. This is not imagining the future. But I remind myself that the whole purpose of citizens’ assemblies is to raise concerns, issues and solutions that experts and politicians might miss. Perhaps we do have to fix banking and social media first. I should also note the numerous proposals from CoFoE designed to bring the private corporate sector into line with legally required behaviour. I would also add that from my experience, laws that require individual legal actions to enforce are less effective than those for which regulator have the power to fine. We should all note that the Sarbanes-Oxley laws allowed the levying of high fines until the wrong was remediated. I also note that today, levying daily fines on companies would have to be done by the member states.
At last someone asked if we are customers, citizens or products and made the point that Google’s SSO is not the answer; prescient as Google were about to announce a ton of redundancies, and withdrawal from the headset/visor market.
The Plenary
We returned to the plenary, where Renate Nikolay, the Deputy Director of DGConnect was a breath of fresh air. She stated that the No 1 right is privacy and noted that there was huge pressure against the GDPR, from both companies and the US Government. Having said that, I observe that the GDPR weakened the principle that personal data processing requires consent as it introduces six lawful purposes and by default leaves it to the data controller to choose which purpose they use.
The newer digital market regulations put the GDPR into a commercial context; GDPR defines citizen rights, and the other two laws define the regulated roles of the gatekeepers and seek to defend the right to enter for SMEs, well may be, but let’s note that “notify and take down” has been written into the EU law, and that, it and several other aspects of EU law reinforce the monopolies’ barriers to entry.
Renate also suggested that pan-European co-operation was the route to technical sovereignty.
The plenary then asked representatives from each of the groups to present their findings to the plenary. The first report was on economics and jobs. They proposed that, everyone must have access to the Internet and metaverse regardless of background and that there needs to be a public investment fund focused on health and the environment with global ambitions. On reviewing these notes, I wonder if some member states restrict access to the internet, by for instance, issuing internet licences as most issue driving licences. The second dimension of the training proposal is to ensure fairness for both companies and citizens, but in the corporate area there needs to be a focus on enabling SMEs. The rapporteur, in passing. spoke about the possible need the health and safety time limits on using the Internet and in virtual worlds. This was contradicted by one of the questioners who felt that for adults, this was a question of personal choice. I don’t agree. Health and safety controls protect not just the individual, but also their co-workers as well. A further questioner reinforce the need for training, stating it should be pan European and free.
The second group to speak, spoke on safety and security. Their first point was that verifiable identities may need to scale, with anonymity being permitted for some uses, but that for contracts and governments transactions, verifiable and trusted identities were needed. The second point made was that virtual worlds, the Internet and their hosted applications needed to be simple to use. This would be most important when signing on as we know from the GDPR that the attention given to this process and the granting of consent is often perfunctory. The group proposed a right to die in the metaverse. (See my day two report [or on Medium]). The group also repeated the demand for greater training, particularly aimed at the vulnerable and older citizens. The rapporteur also reinforced the need for citizens to guard the privacy of their data.
The third group to present was discussing society. Their first proposal was of freedom of choice, the right to not engage in the digital world and on the right to anonymity if one did. The second proposal was that there be some form of ombudsperson who would guarantee access so education and information, and guarantee fairness by the service providers. The third point was to guarantee that remote and rural areas had access to the Internet and the metaverse. The speaker finished with a rare statement of optimism, saying, “where there’s a will there’s a way”. One of the questioners to this speaker raise the contradictory issues of licencing providers and demanding a freedom of speech. Perhaps I am too used to American companies demanding a freedom of speech for themselves at the expense of the citizens to whom they sell.
The fourth group to present presented on health and the environment. The first proposal was the need for early age education which would need to be free. The second demand what’s that education including parts of information technology ethics be made available so broad range of people, most importantly, older people who are more likely to have less experience in using these tools. The group raised the issue of IT recycling seemingly unaware of WEEED. The group did wrap up by exploring applications such as climate control simulations, and posed the possibility of medical remote diagnosis and treatment.
One of the moderators summarised the derived values using this slide.
Two members of the “knowledge committee” responded, Rehana Schwinninger-Ladak and Prof. Frank Steinicke.
Ms Schwinninger-Ladak thanked the conference for developing and confirming the values but stated that these are wide issues and that focused proposals for change need to be developed that are relevant to the Metaverse and Virtual Worlds. She classified the families of concern as people, industry and infrastructure. She recognised the calls for education and skills provision, posed the EU’s plans for an EU digital ID as part of the answer for simplicity and safety. Are the EU going to provide an OAuth service, surely, it’s premature? Is the Estonia ID system capable of acting as a safe OAuth server? Do service providers have to recognise specific OAuth services? She also felt that translation was an area where further development is useful and necessary.
For the industrial issues, she identified technical sovereignty as one key issue, but also thanked the conference for recognising the need for freedom and fairness of access to the internet/metaverse for SMEs and start-ups.
The key infrastructure issue apart of course from technical sovereignty is that of coverage. I note that “Code is Law” thus software sovereignty and open source is necessary, but for citizens, the network must be ubiquitous and fast across the whole of the continent.
She closed her contribution be noting the need for a right to connect, right to disconnect and a right to not engage.
I found her classification of people, industry and infrastructure useful.
Prof Steinicke reviewed the problem areas noting that the internet doesn’t work (yet) if the servers don’t have the data i.e. people’s personal data is in the cloud and frankly is likely to stay there, [or on Medium]. I think the costs and physics make this still true.
He also categorised the current state of the internet provision as in the US dominated by private companies, in the Far East dominated by nation states, giving Europe the opportunity to build a human centric network; we’ll see if we have given the other two too much of a head start, although China has clearly caught up, or is catching up with the USA. One of the questions aimed at him asked whether we could catch up with the US software lead, his reply is that it would take money. I would add, that the Commission needs to consider technical sovereignty on both software and system hardware. Is Europe building the computers it needs and software is important too, maybe more so. Perhaps I should reconnect to NESSI and see what Europe’s IT researchers think is important.
The final question was fielded by Rehana who was asked how citizens were to be engaged. She pointed out that these citizens’ assemblies were an important tool and may have hinted at the digital platform that the Commission are proposing to succeed the CoFoE digital platform is another means. The replacement is not as good as the CoFoE platform but it will have a user registry and could be the basis for an EU digital identity; as I say above will they actually implement an Oauth service.